10-05-2016 07:25 AM - edited 03-18-2019 06:27 AM
Hello Everyone
Recently we configured a CUCM 10.5.2 in mixed mode. Everything works fine, but when we tried to configure the Conductor over TLS, it fails in the Conductor's Rendezvous Location.
All servers have their certificates signed by the same CA and the root certificate also.
In the CUCM we created 2 SIP trunk security profiles, one for ad-hoc with the ad-hoc FQDN IP as SN and another one for Rendezvous, with the Rendezvous FQDN as X.509.
Both trunks (adhoc and Rendezvous) are in Full service over 5061, FQDN to reach Conductor, secure profile and Conductor interop script.
Conference bridge is registered and working.
But... when we changed the port and protocol in the Rendezvous Location, it always fails: "Call control destination not reachable", "At least one call control trunk destination is unreachable." So...
Port: 5060 Protocol: TCP --- OK
Port: 5061 Protocol: TCP --- KO
Port: 5060 Protocol: TLS --- KO
Port: 5061 Protocol: TLS --- KO
We checked the manual again and it said Port: 5061, Protocol: TLS, certificates, secure trunk, etc.; we have all of that OK. Then we thought we would replicate the issue with a new version.
Now we have new servers in our lab:
CUCM: 11.0.1
Conductor: XC4.3
TPS: 4.4(19)
We have the same issue in our Lab.
Any idea?
10-05-2016 06:39 PM
There are some bugs related to that. I don't believe they have fixed them, so you'll have to use just TCP.
cscut10254 HTTPS fails between CUCM and Conductor
cscut22572 Unable to create HTTPS connection between Conductor and CUCM using FQDN
10-07-2016 12:54 AM
jorobb: There aren't intermediate certificates, only root.
CUCM has CallManager, CAPF, Tomcat & TVS certificates signed by our CA and we uploaded the root certificate as trust on each certificate.
The Conductor is signed by the same CA and has the root certificates in its Trusted CA certificate.
We used the FQDN in the CN of all of our servers, except the CA; it has the hostname+description, but we think that shouldn't be a problem.
javalenc: Are these bugs for Rendezvous? They look like bugs for Conference Bridge Resource / Ad-Hoc; our conference bridge is registered.
Our trunk for the Conference Bridge has the FQDN of the Conductor Adhoc IP, port 5061, and its secure trunk profile (Encrypted, TLS, X.509 FQDN of the Conductor Adhoc IP, 5061).
And the Conference Bridge in the HTTP Interface Info has the username/password of the Conductor admin, HTTPS checked and HTTP Port 443.
The error is focused on the Conductor Location Rendezvous configuration; the event logs show:
conferencefactory.controller: Level="WARN" Event="The reachability of a SIP trunk has changed." Current_state="unreachable" Location="LOC_Rendezvous" Previous_state="unknown" Source_IP="192.168.80.242" Trunk_transport_protocol="TLS" Trunk_IP="cucm11p.stgcollab.com" Trunk_port="5061" UTCTime="2016-10-07 07:41:51,428"
Thanks for your ideas.
I will try to do some captures today.
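An added example, not part of the original posts and not Cisco tooling: a small parser for event lines in the `Key="value"` shape quoted above, which reports the last known state of each trunk and lists hosts that are reachable over TCP but unreachable over TLS, the pattern that points at the TLS layer rather than basic connectivity. The sample lines, host name and addresses are constructed for illustration, and the field names are assumed to match the single event line shown in the post.

```python
import re
from collections import defaultdict

# Matches Key="value" pairs as they appear in the event line quoted in the post.
PAIR = re.compile(r'(\w+)="([^"]*)"')
TRUNK_EVENT = "The reachability of a SIP trunk has changed."

# Constructed sample lines in the same shape as the quoted event (not real logs).
SAMPLE_LOG = """\
conferencefactory.controller: Level="WARN" Event="The reachability of a SIP trunk has changed." Current_state="unreachable" Location="LOC_Rendezvous" Previous_state="unknown" Source_IP="192.0.2.10" Trunk_transport_protocol="TLS" Trunk_IP="cucm.example.com" Trunk_port="5061" UTCTime="2016-10-07 07:41:51,428"
conferencefactory.controller: Level="INFO" Event="The reachability of a SIP trunk has changed." Current_state="reachable" Location="LOC_Rendezvous" Previous_state="unreachable" Source_IP="192.0.2.10" Trunk_transport_protocol="TCP" Trunk_IP="cucm.example.com" Trunk_port="5060" UTCTime="2016-10-07 07:45:02,101"
conferencefactory.controller: Level="INFO" Event="Some unrelated event" Detail="ignored" UTCTime="2016-10-07 07:46:00,000"
conferencefactory.controller: Level="WARN" Event="The reachability of a SIP trunk has changed." Current_state="unreachable" Location="LOC_Rendezvous" Previous_state="reachable" Source_IP="192.0.2.10" Trunk_transport_protocol="TLS" Trunk_IP="cucm.example.com" Trunk_port="5061" UTCTime="2016-10-07 07:50:13,877"
"""

def parse_trunk_events(text):
    """Return one dict per trunk-reachability event; other lines are skipped."""
    events = []
    for line in text.splitlines():
        fields = dict(PAIR.findall(line))
        if fields.get("Event") == TRUNK_EVENT:
            events.append(fields)
    return events

def latest_state(events):
    """Map (location, trunk host, port, transport) -> last reported state."""
    state = {}
    # UTCTime is "YYYY-MM-DD HH:MM:SS,mmm", so string order is time order.
    for ev in sorted(events, key=lambda e: e.get("UTCTime", "")):
        key = (ev.get("Location"), ev.get("Trunk_IP"),
               ev.get("Trunk_port"), ev.get("Trunk_transport_protocol"))
        state[key] = ev.get("Current_state")
    return state

def failing_only_over_tls(state):
    """(location, host) pairs reachable over TCP but unreachable over TLS."""
    by_host = defaultdict(dict)
    for (loc, host, _port, proto), cur in state.items():
        by_host[(loc, host)][proto] = cur
    return sorted(k for k, v in by_host.items()
                  if v.get("TLS") == "unreachable" and v.get("TCP") == "reachable")

if __name__ == "__main__":
    st = latest_state(parse_trunk_events(SAMPLE_LOG))
    for key, cur in sorted(st.items()):
        print(key, cur)
    print("TLS-only failures:", failing_only_over_tls(st))
```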
10-05-2016 07:04 PM
Sounds like the CUCM to Conductor side of the trunk is fine.
Does your CUCM use a root and an intermediate in its certificate chain, and if so does the Conductor trust the Intermediate certificate in the trusted root CA list?
-Jonathan